Digital Forensics & Incident Response
Turning noise into signal.
DFIR consultant, homelab tinkerer, occasional educator. I write about threat hunting, forensic analysis, and the deep technical rabbit holes that come with the job.
Featured Post
Decoding OWA Ids in On-Prem Exchange
How to decode OWA Id parameters from IIS logs to extract the PR_ENTRYID and identify specifically which emails were accessed in an on-prem Exchange environment.
Recent Posts
Honeypot Diaries: SSH Authorized Keys
Analyzing threat actor activity and malware observed in geographically dispersed honeypots.
account manipulation
Apr 2023
4 min read
Migrating Splunk Storage to S3 SmartStore
A short guide on how I transitioned an existing Splunk deployment to S3 SmartStore to decouple and scale storage.
aws
Apr 2023
6 min read
Managing Password Hygiene
Reviewing the current state of password hygiene and why unique, long, and complex passwords are more important than ever.
bitwarden
Mar 2023
4 min read
Email Spam: Forgotten Bitcoin
This post investigates a Bitcoin recovery email scam step-by-step, exposing how it uses Google Apps Script to bypass filters, a chatbot manager persona, and a fraudulent conversion fee to steal funds.
Apps Script
Jan 2023
6 min read